
Facebook Data Breach – Worse Than First Reported?

Acorn Newsbot




Last week, Facebook revealed details of a data breach that they claimed affected up to 6 million registered users of the social network. Independent security experts looking into the issue believe that these initial admissions may have been understated.

As promised, the social networking giant has been emailing the 6 million users identified as having been impacted by the breach, to let them know personally what has happened.

The email gives brief details of how Facebook users uploaded address books containing private information to match contacts and generate friend recommendations. Although this personal data remains hidden on the Facebook site, it was exposed erroneously through the Download Your Information tool, making it available to unauthorised third parties.

The explanatory email then goes on to give the user specific details of the personal information that was leaked, and estimates of how many people may have seen it. In general, the only private data exposed was telephone numbers and secondary email addresses.

The problem goes deeper
Since Facebook acknowledged the breach, other security companies have looked into the issue and believe that the problem may actually be far more damaging than initially claimed. Tests run by Packet Storm Security (PSS) have found that Facebook was understating the amount of information exposed in the emails sent to users.

According to their research, PSS believes that many users may have had more of their data distributed than they were told. One Facebook user was told that three items of their personal data had been leaked, but tests revealed that the person involved had actually lost seven – four more than they were told about. Because Facebook has not revealed what these additional items are, many users are rightly worried about the potential implications.

Facebook has also confirmed that the Download Your Information security loophole had been exposing private data for more than a year before this announcement.

And deeper…
Security experts then discovered that the Download Your Information data bug has exposed personal data belonging to people who do not use Facebook. When people have uploaded their address books for analysis, all of their non-Facebook using friends have been included. Facebook has then stored this information, ready for matching should those people join the social network at some point in the future.

As discussed previously, Facebook creates two profiles for every user: a public profile, with publicly accessible data, and a “shadow” profile, which stores everything else. Any contact details that do not match an existing Facebook user profile are stored in a separate shadow profile for later use. But this data was also available via the Download Your Information tool.

Facebook has now confirmed that the information of non-users has been leaked, but that they will not be contacted. As such, these people may never know that their information has been shared without their permission. Most are probably unaware that Facebook was even storing their personal details.

What does this mean?
Facebook is rightly proud of its 1 billion users, and the online communities that have been built using their social network. However, this latest data breach should encourage everyone, Facebook user or not, to think carefully about how their data may be treated.

Few people would have expected that uploading their address book could cause so many problems, but fewer still would have paused to think about the fact that everything uploaded was being stored permanently. And almost no one would have considered what happened to the details of people who don’t use Facebook.

Address book sharing is built into Facebook’s website and mobile apps, making the function very easy to access and use. By simply clicking a button, data is sent to Facebook for analysis. And it is this ease of use that has led many people to upload data without considering any potential consequences.

Businesses in the UK are duty bound to protect personal information, and are prevented from sharing it without the express permission of the individual involved, mainly to avoid problems like this. As responsible internet users, there is good reason for private individuals to take a similar approach and to think carefully before sharing any data that may belong to others.

What can I do?
Because Facebook is only informing affected users, other people who have had their data leaked may never know. Short of contacting all your own friends and family and asking if they have received an advisory email from Facebook, there is almost nothing you can do to find out whether your information has been leaked.

As a private organisation, Facebook is exempt from the Freedom of Information Act 2000, which allows people to make requests from public bodies about the personal data they store. You could contact Facebook to ask for details of the information they hold on you, but they are not legally obliged to answer.

If you are particularly concerned about personal data being held by Facebook without your permission, you can ask to have your email address removed from their database. Non-users can complete this form to register such a request.

Facebook makes it clear in its documentation that although your information may be deleted, each time another registered user sends a sign-up request to you or uploads their address book, your details will be re-added. In effect, if your personal data has been shared with Facebook-using friends, family or acquaintances, there is little you can do to prevent it ending up online. However, you can continue to make deletion requests on a regular basis just in case.

This latest Facebook leak provides all web users with an opportunity to assess their attitudes to personal data, both their own and that of their friends. The Facebook Download Your Information tool may have made the exposure possible, but the personal data was first supplied willingly by Facebook’s users. And it is the users who must decide whether or not to share their data – and other people’s data – in future.





